[HSC Security Group] SiteCatalyst Web Login Cross Site Vulrnabilities

[DoZ@xxxxxxxxxxxxxxxxx]

Hackers Center Security Group (http://www.hackerscenter.com/)            
Doz's Security Advisory        


Desc: SiteCatalyst Web Login Cross Site Vulrnabilities
Risk: Medium





Omniture, Inc aims its aperture at your Web site. The company provides Internet 
analytic software and services to corporate customers such as AOL, eBay, 
General Motors, and Microsoft. Omniture's primary product, SiteCatalyst, helps 
clients electronically measure Web site traffic, visitor activity, advertising 
effectiveness, and e-commerce transactions. Other products include the Omniture 
Discover, Data, and SearchCenter line of products, designed to provide 
customers access to all of their data in real time.

Login & Search Engines scripts affected

Vendor: www.omniture.com

Company Email: ir@xxxxxxxxxxxx


Proof of concept:


/search.asp?ss=[XSS]


Many sites running Omniture Web tools are almost certainly vulnerable to cross 
site scripting holes. We made a research and many big companies are using 
Omniture products (Microsoft included).


-- HSC Security Group 
http://www.hackerscenter.com

Security researcher? Join us: mail Zinho at zinho at hackerscenter.com